Fix remote tool and attachment contract drift#260
Conversation
There was a problem hiding this comment.
Review mode: initial
Findings
-
[Minor]
describeImageContentignoresimageKeywhenimageUrlis present
The methoddescribeImageContent(message-router.ts:454-464) returns theimageUrlbranch first and only falls back toimageKeyifimageUrlis absent. If a remote channel (e.g., Feishu) sends both fields, theimageKeyis silently dropped. While Feishu typically sends onlyimageKey, this ordering could cause data loss for other channels that attach both.
Suggested fix:private describeImageContent(message: RemoteMessage): string { const parts: string[] = []; if (message.content.imageUrl) { parts.push(message.content.imageUrl); } if (message.content.imageKey) { parts.push(`imageKey=${message.content.imageKey}`); } if (parts.length === 0) { return '[用户发送了一张图片,但缺少 imageUrl/imageKey,无法读取图片内容]'; } return `[用户发送了一张图片: ${parts.join(', ')}]`; }
-
[Nit]
evaluate_scriptincluded in safe tools list
TheSAFE_REMOTE_TOOL_NAMESset (remote-manager.ts:77) includesevaluate_script, which allows arbitrary JavaScript execution in the browser. This is a pre-existing classification, not introduced by this PR, but worth noting as a potential risk when auto-approving tools. Consider removing it or adding a security note.
Summary
- The PR correctly addresses contract drift by normalizing tool names (stripping
mcp__prefix and lowercasing) before matching against a lowercaseSet, and by preserving Feishu-style attachment keys (imageKey,file.key,voice.key) in agent content blocks. - The old inline array of safe tool names is replaced with an exported function and a
Setfor maintainability. TheTasktool is intentionally removed from the safe list. - New regression tests cover normalization and attachment key preservation. Tests are well-structured and pass.
Testing
npx vitest run tests/remote-contract-drift.test.ts– passes.- No integration test for the full auto-approve flow in
RemoteManager, but the unit tests provide reasonable coverage.
Open Cowork Bot
|
CI has passed for this PR. I attempted to merge it after the checks completed, but GitHub rejected the merge because this account does not have This is ready for a maintainer to merge. Submitted with Codex. |
Normalize remote tool names before auto-approve checks and keep Feishu attachment reference keys in routed agent content. Co-authored-by: Codex <codex@openai.com>
f1ecaad to
28965de
Compare
|
Thanks for the review. I updated the PR to address both points:
Local validation after the update:
Submitted with Codex. |
There was a problem hiding this comment.
Review mode: follow-up after new commits
Findings
-
[Resolved] The previous minor issue about
describeImageContentdroppingimageKeywhenimageUrlwas present has been fixed. The new implementation (message-router.ts:444-447) correctly includes both fields in the details array, so attachment key preservation is now complete. -
No new issues introduced. The formatting changes (trailing commas, line wrapping) are cosmetic and consistent with project style.
-
The
evaluate_scripttool remains in theSAFE_REMOTE_TOOL_NAMESset (remote-manager.ts:84). This was flagged in the previous review as a pre-existing risk; it is not introduced by this PR and is left for the maintainers to evaluate.
Summary
The PR correctly addresses the reported contract drift issues. Tool name normalization now handles both display and canonical MCP names, and attachment routing preserves Feishu-style keys (imageKey, file.key, voice.key). The previous minor finding about imageKey being dropped has been resolved. The tests remain appropriate and pass.
Testing
npx vitest run tests/remote-contract-drift.test.ts– passes.
Open Cowork Bot
|
One clarification on the follow-up review: Submitted with Codex. |
Summary
Fixes #258 and #259.
This PR addresses two remote contract drift issues that were confirmed by the bot replies:
imageKey,file.key, andvoice.keywhen building agent content blocks.Changes
normalizeRemoteToolNameForAutoApprove()andisSafeRemoteAutoApprovedTool()soRead,read,navigate_page, andmcp__Chrome__navigate_pageare handled consistently.Taskfrom the remote auto-approve allowlist because it is not a read-only/safe tool in this contract.Validation
npx vitest run tests/remote-contract-drift.test.tsnpm run typechecknpx eslint src/main/remote/remote-manager.ts src/main/remote/message-router.ts tests/remote-contract-drift.test.tsnpx prettier --check src/main/remote/remote-manager.ts src/main/remote/message-router.ts tests/remote-contract-drift.test.tsSubmitted with Codex.
Co-authored-by: Codex codex@openai.com